Timestamping Authority is an on-premises timestamping solution based on RFC 3161 that guarantees that data, including documents or code, exists at a given time through the generation of digitally signed timestamps. Specifically:
- Proof of the time when a digital signature was applied or validated.
- Prevents code rejection, ensuring that the signature is valid when signing.
- Enables digital signature verification after the certificate used for the signature is revoked or expired.
When deployed on PKI Hub, this Entrust solution adds the following to the PKI Hub integration report.
Hardware security modules supported by Timestamping Authority
See the following table for versions supported by Timestamping Authority and other solutions.
Hardware | Client driver | Firmware | Certificate Authority | Timestamping Authority | Validation Authority |
|---|---|---|---|---|---|
Entrust nShield Connect XC | 13.9.0 (FIPS 140-2 Level 3 mode supported) | 12.60.15 & 12.60.2 |
|
|
|
Entrust nShield 5c | 13.9.0 | 13.2.4 |
|
|
|
Entrust nShield 5c 10G | Not supported | Not supported |
|
|
|
Epicom | EP990 v1.08-1 | — |
|
|
|
Thales Luna HSM 7 | 10.8.0 | 7.7.1-20 |
|
|
|
Thales TCT | 10.8.0 | 7.7.1-20 |
|
|
|
Signature key generation algorithms supported by Timestamping Authority
Validation Authority supports the following algorithms for generating the timestamping response signing key.
<key_type> | Description | Post-quantum |
|---|---|---|
RSA2048 | RSA 2048 bits |
|
RSA3072 | RSA 3072 bits |
|
RSA4096 | RSA 4096 bits |
|
ECDSAP256 | ECDSA curve NIST P-256 |
|
ECDSAP384 | ECDSA curve NIST P-384 |
|
ECDSAP521 | ECDSA curve NIST P-521 |
|
ML-DSA-44 | Module-Lattice-Based Digital Signature Algorithm 44-bit |
|
ML-DSA-65 | Module-Lattice-Based Digital Signature Algorithm 65-bit |
|
ML-DSA-87 | Module-Lattice-Based Digital Signature Algorithm 87-bit |
|